Comments (3)
0xdeadbeer
commented on June 16, 2024
A few of my additional findings:
- it does not matter what encryption algorithm you used
- nor what kind of password you have, whether you generated it or not
I suspect that it comes down to this:
keepassxc/src/gui/dbsettings/DatabaseSettingsWidgetDatabaseKey.cpp
Lines 181 to 205 in da90319
To my surprise, m_passwordEditWidget->isEmpty() does not return true if the user hasn't clicked on "Change Password" button in the Database Security Settings.. an additional check with m_passwordEditWidget->visiblePage() == KeyComponentWidget::Page::Edit is I hope enough to safe-guard it..? Like so:
diff --git a/src/gui/dbsettings/DatabaseSettingsWidgetDatabaseKey.cpp b/src/gui/dbsettings/DatabaseSettingsWidgetDatabaseKey.cpp
index 1de8e6a9..0c26bccb 100644
--- a/src/gui/dbsettings/DatabaseSettingsWidgetDatabaseKey.cpp
+++ b/src/gui/dbsettings/DatabaseSettingsWidgetDatabaseKey.cpp
@@ -178,7 +178,8 @@ bool DatabaseSettingsWidgetDatabaseKey::save()
}
// Show warning if database password is weak
- if (!m_passwordEditWidget->isEmpty()
+ bool isNewPasswordDirty = !m_passwordEditWidget->isEmpty() && m_passwordEditWidget->visiblePage() == KeyComponentWidget::Page::Edit;
+ if (isNewPasswordDirty
&& m_passwordEditWidget->getPasswordQuality() < PasswordHealth::Quality::Good) {
auto dialogResult = MessageBox::warning(this,
tr("Weak password"),
@@ -195,7 +196,7 @@ bool DatabaseSettingsWidgetDatabaseKey::save()
// If enforced in the config file, deny users from continuing with a weak password
auto minQuality =
static_cast<PasswordHealth::Quality>(config()->get(Config::Security_DatabasePasswordMinimumQuality).toInt());
- if (!m_passwordEditWidget->isEmpty() && m_passwordEditWidget->getPasswordQuality() < minQuality) {
+ if (isNewPasswordDirty && m_passwordEditWidget->getPasswordQuality() < minQuality) {
MessageBox::critical(this,
tr("Weak password"),
tr("You must enter a stronger password to protect your database."),from keepassxc.
droidmonkey
commented on June 16, 2024
That code won't compile. simply call isVisible() on the password widget.
from keepassxc.
0xdeadbeer
commented on June 16, 2024
Strange, it compiles on my machine..? Anyhow, after some checking to me it seems that calling m_passwordEditWidget->isVisible() at that point in time returns true even if the user does not click on "Change Password"..? Even weirder is the fact that the visible property seems to be false at that point when inspected through Gamma Ray.. ->isVisible() still returns true though.. will look further into the source code the coming days
from keepassxc.
Related Issues (20)
- Unsaved changes are thrown away when choosen not to HOT 8
- Broken build when using system zxcvbn
- Visual and/or audio feedback when Yubikey touch required
- Context Menu on Wrong Display HOT 3
- First character of login is not automaticcaly entered with AutoType HOT 3
- Add description / colour label to lock screen HOT 2
- Discussion about CVE-2024-33900 and CVE-2024-33901 HOT 4
- Bitwarden encrypted .json import causes 'unknown software exception (0xe06d7363)' HOT 15
- integrated synchronization HOT 1
- security token key integration
- It is not possible to select a keyfile with the Brazilian Portuguese software in version 2.7.8. HOT 3
- dark mode and countdown progress bar visibility request HOT 1
- Favicon download button gone HOT 3
- AutoType Sequence `%p` should send `[ALT]+p` but send `3p` HOT 4
- Auto-Type not working for Adobe Acrobat "Certificates" password HOT 1
- Auto-Type autofill does not work on Drake Tax Timeout box HOT 1
- Eye symbol not shown when "show password placeholders" is enabled HOT 5
- Secrete service client triggers unlock of the wrong database HOT 1
- Considering the proximity of the options after right click above an entry, users may inadvertently delete instead of cloning or adding new entries HOT 2
- TOTP Value wrong HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from keepassxc.